“Calhoun 


Institutional Archive of the Naval Postgraduate School 





Calhoun: The NPS Institutional Archive 
DSpace Repository 


Theses and Dissertations 1. Thesis and Dissertation Collection, all items 


1982 


Deadlock detection in distributed computing systems 


Gehl, Michael T. 


http://ndl.handle.net/10945/20120 


This publication is a work of the U.S. Government as defined in Title 17, United 
States Code, Section 101. Copyright protection is not available for this work in the 
United States. 


Downloaded from NPS Archive: Calhoun 


Calhoun is the Naval Postgraduate School's public access digital repository for 


/ (8 D U DLEY research materials and institutional publications created by the NPS community. 
«ist : Calhoun is named for Professor of Mathematics Guy K. Calhoun, NPS's first 


NY KNOX appointed — and published — scholarly author. 


LIBRARY Dudley Knox Library / Naval Postgraduate School 
411 Dyer Road / 1 University Circle 
Monterey, California USA 93943 





http://www.nps.edu/library 





CUDLEY KNOX LIBRARY 
NAVAL POSTGRADUATE SCHOOL 
I; ONTEREY, CALIF. 93940 














NAVAL POSTGRADUATE SCHOOL 


Monterey, California 





HAESIS 


DEADLOCK DETECTION 


iP DrSTATBULED = COMPUDENG SYSTEMS 


by 


Michael T, Gehl 


June 1982 


Thesis Advisor: Dushan Z. Badal 





Approved for public release; distribution unlimited 


79204158 








SECURITY CLASSIFICATION OF THiS PAGE (When Date Entered) 


REPORT DOCUMENTATION PAGE 


2. GOVT ACCESSION NO 


READ INSTRUCTIONS 
BEFORE COMPLETING FORM 


4 3) RECIPIENT'S CATALOG NUMBER 


$5. TYPE OF REPORT 6 PERIODO COVERED 
Measmer s  inesis 
June 1982 


- PERFORMING ORG. REPORT NUMBER 














TITLE (and Subtitie) 


DEADLOCK DETECTION IN 
DISTRIBUTED COMPUTING SYSTEMS 





4. 






















» AUTHOR ea) 


Michael Thomas Gehl 


- CONTRACT OR GRant NUMBER(e) 
















10. PROGRAM ELEMENT. PROJECT TasK 
AREA & WORK UNIT NUMBERS : 


12. REPORT DATE 
June 1982 
13. MUMBER OF PAGES 


74 


18. SECURITY CLASS. (of thie report) 


- PERFORMING ORGANIZATION NAME ANDO ADORESS 


Naval Postgraduate School 
Monterey, California 93940 






CONTROLLING OFFICE NAME ANO ADORESS 


Naval Postgraduate School 
Monterey, California 93940 












MONITORING AGENCY NAME &@ ADORESS(1If difierent trom Cantroiiing Office) 





Unclassified 






Se. OECLASSIFICATION/ DOWNGRADING 
SCH EOULE 











16. O:STRIBUTION STATEMENT (of thie Repert) 
Approved for public release; distribution unlimited. 






17. DISTRIBUTION STATEMENT (of the adatrect entered in Block 20, if different from Report) 





18. SUPPLEMENTARY NOTES 








19. KEY WORDS (Continue on reveree side if neceseary and identity vy bleck number) 


Distributed Computing Systems, Concurrency Control, Deadlock, 
Distributed Database Systems, Computer 







ABSTRACT (Continue an revevee side if neceseary and identity ey sleck number) 


With the advent of distributed computing systems, the problem of 
deadlock, which has been essentially solved for centralized 
computing systems, has reappeared. Existing centralized deadlock 
detection techniques are either too expensive or they do not 
work correctly in distributed computing systems. Although 
several algorithms have been developed specifically for 
distributed systems, the majority of them have also been shown 








DOD , FORM §1473.0«— «EDITION OF 1 NOV 8818 OBSOLETE 


JAnm 73 


2 2 a 
S/N 0102°014> 6601 | SECURITY CLASSIFICATION OF THIS PAGE (When Date Entered) 





emma eemerr te ree 
SecumPry og AGGrFICaTIOQn OF Tues AGE (ran Mera Satered 


20. (Continued) 


to be inefficient or incorrect. Additionally, although 
fault-tolerance is usually listed as an advantage of 
distributed computing systems, little has been done to 
analyze the fault tolerance of these algorithms. This 
thesis analyzes four published deadlock detection algorithms 
for distributed computing systems with respect to their 
performance in the presence of certain faults. A new 
deadlock detection algorithm is then proposed whose 
efficiency and fault tolerance are adjustable. 


DD Form. 1473 


a t 
S/} 012-014-6601 SECURITY CLASSIFICATION OF TwIS PAGEMRER Date Enioved) 


—_ ew oe 
ee ee 8 oe ee ee 


— ee a 





Pepaovedwier public release; Distribution unlimited 


PoalOeCKk eDeTeCCULOm, in Distributed Computing Systems 
DY 


mecrael |. Gehl 
Lieutenant Commander, United States Navy 
mo welowaw ovale University, 1971 


Puemunwed san partial fulfillment of the 
requirements for the degree of 


MASTER OF SCIENCE IN COMPUTER SCIENCE 
Teom uae 


WAVAENPOSPGRADUATE SCHOOL 
June, 1982 





DUOLrY 


‘ on © Xa, 
g. PSt 


ABSTRACT 


Michele waavenimmorcdistributed computing systems, the 
problem of deadlock, which has been essentially solved for 
centralized computing systems, has reappeared. EXL Se ine 
centralized deadlock detection techniques are either too 
expensive or they do not work correctly in distributed 
Gomoueing ~Ssystems . Although several algorithms have been 
developed specifically for distributed systems, the majority 
of them have also been shown to be inefficient or incorrect. 
moGdmeelonaliy. —although fault-tolerance is usually listed as 
an advantage of distributed computing systems, little has 
been done to analyze the fault tolerance of these 
aeoor Looms. [irs = enesis “analyzes four published deadlock 
detection algorithms for distributed computing systems with 
respect to their performance in the presence of certain 
faults. A new deadlock detection algorithm is then proposed 


whose efficiency and fault tolerance are adjustable. 





Pee Or “CONTENTS 


ae TINIE ROUBINI ae 
Om tee nObLEM —=———ss...--- o-oo oee—— 
Peo) sommes TO! PROBLEM  =—{_{———<{</]-——<<{={—{— 
Cee oC UR DeOm@mrhe DORSIS  =a0_.=w==<—-20—---———-----== 
See ecm lohmOne ha DLOCK -=—_1=6—8.—8€-2—-- “2 lll lo 
PIT. ANALYSIS OF DEADLOCK DETECTION ALGORITHMS -------- 
at elec OnmireM ObeCGOLDMAN =---------....-.---.=. 
B. THE ALGORITHM OF MENASCE={MUNTZ ---------------- 
a Oe eGOnM On sOBERMARCK <------------------<= 
D. THE ALGORITHM OF TSAI AND BELFORD ------------- 
E. CONCLUSIONS -922-2-----2--------- 2-222 - ee e 
See OrOse pe {LGORLIHM | —----——--=----=—---_-_--—-____ = 
ae iis) aes e eS. Se ee 
B. THE ALGORITHM --------------------------------- 
C. EXPLANATION OF THE ALGORITHM ------------------ 
no eee) OnmaLGORITIM | =——$—$—$—$—- = —- = ———--_-__ — 
V. ANALYSIS OF THE PROPOSED ALGORITHM --------------- 
A. INFORMAL PROOF OF CORRECTNESS ----------------- 
B. ROBUSTNESS ANALYSIS --------------------------- 
C. PERFORMANCE ANALYSIS’ ----2----------------------- 
VI. CONCLUSIONS -------------------------------------- 
LIST OF REFERENCES ----------------2--2------------------ 
INITIAL DISTRIBUTION LIST ----------------------------- 





I. INTRODUCTION 


pee LEMENT OF THE PROBLEM 

Peaduge@sis a Circular walt condition which can occur in 
any multiprogramming, mule tomrocess ing or distributed 
Eemeucrer System wWnieh uses Locking to maintain consistency 
of the data base, if resources are requested when needed and 
processes are not aSSigned priorities. It indicates a state 
in which each member of a set of transactions is waiting for 
some other member of the set to give up a lock. An example 
of a simple deadlock is shown in Figure 1. Transaction T1 
holds a lock on resource R1 and requires resource R2; 
macisaction i2 holds a lock on resource Re and requires Ri. 
Wemenerestransaction can proceed, and neither will release a 


loek unless forced by some outside agent. 


T 1 Ve 
R1 R2 
ate) =— 4 Simple deadiock cycle 


There have been many algorithms published for deadlock 
detection, prevention Ne avoidance in centralized 


multiprogramming systems. The problem of deadlock in those 





systems has been essentially solved. With the advent of 
distributed computing systems, however, the problem of 
deadlock reappears. Certain peculiarities of distributed 
systems (lack of global memory and non-neglibible message 
delays, in particular) make centralized techniques for 
@eadlock detection expensive and incorrect in the sense that 
Gaeyes do net detect all deadlocks and/or they detect false 
deadlocks. Although there have been several deadlock 
Ge cteocuroneabeoritmms £Or distributed systems published, most 


of them have been shown to be incorrect. 


Pee OorOsEDe SOLUTION TO THE PROBLEM 

In this thesis, a new deadlock detection algorithm for 
@mseentousead Computing systems is proposed which is low cost 
in terms of inter-site messages. The proposed algorithm is 
also able to be dynamically modified to make it more robust. 
The algorithm assumes a model of transaction execution 
wherein a transaction which requires a resource located at 
Seer Site Will “migrate’' to that site to utilize the 
resounee The major differences between the proposed 
Sicormrim and existing algoritnms are the concept of a Lock 
History which each transaction carries with it, and a three 
Staged approach to deadlock detection, with each stage, or 
level, of detection activity being more complex than the 


preceding. 





Pee nUCTURE OF THE THESIS 

imcwaoter WO, —a 5 emere detailed diScussion of the 
deadlock problem and published solutions is presented. For 
Meo cceck Wivunh little background in this problem, it presents 
meoclrcr es 1itroduction to the published literature on the 
deadlock condition. A reader more familiar with the 
Pemd?tion of deadlock may wish to proceed directly to 
eaeaever three or fotirs™ Chapter three presents an analysis 
of me published algorithms with respect to their 
robustness in the presence of single site failures and lost 
messages between sites. The four algorithms are executed on 
Che same example so that they can be easily compared. 

Mimeiaeeer L£our, One version of the proposed algorithm 
1s presented. Tass vyersion “1s Che Veast robust version 
available, and it is presented for ease of comparison with 
Salckuneaiecerichms. An informal proof of correctness and a 
comparison with the algorithm of Obermarck [Ref. 1] is 
included in Chapter five. The algorithm is also executed on 
the example of Chapter three for comparison of 10S 
robustness with that of the algorithms analyzed in that 
chapter. Chapter six discusses several modifications which 
Saeeoemmade. to  ctvhe proposed algorithm to increase its 
robustness. The conclusions reached by the autnor during 


this research are also presented in Chapter six. 





oe lee | LON VO DEADLOCK 


In the past decade there has been considerable work done 
on distributed computer networks and multiprocessor systems. 
Both of these are predecessors of distributed computing 
systems which are presently a focus of intensive researcn 
and development in academia and industry. Many techniques 
for concurrency control, reliability, recovery or security 
developed for centralized (or single CPU) systems have been 
or are being adopted and adapted for distributed computing 
Systems. For example, there is a tendency to use locking as 
a general synchronization technique in distributed systems 
and itS special variant, two-phase locking, for distributed 
@atabase systems. Up until recently it has been argued that 
miemitcaquemey Of deadlock occurence in existing applications 
foes® low that the problem of deadlock in distriouted 
systems is not very important and therefore can be managed 
by adopting techniques developed for centralized systems. 
However, it has become recently apparent that deadlocks may 
be a problem in the future aS new applications featuring 
large processes and/or many Concurrent processes ang 
transactions arise [Ref. Zale An example of such an 
application 1S an information utility system which services 


concurrently hundreds or perhaps thousands of TV users. 





Distributed computing systems are characterized by the 
absence of global memory and by message transmission delays 
which are not negligible. Additionally, processes operating 
at the same or different sites can communicate with each 
other, and can share resources. If locking is used as_ the 
eymenronization technique, then the last two items raise the 
problems of deadlock occurence in distributed systems, and 
@icemirrst two characteristics of distributed systems make it 
much more difficult to detect, avoid oor prevent deadlock 
than in the earlier multiprogramming centralized computing 
systems. 

Dedameecien = prevention “and avoidance algorithms for a 
distributed computing systems are generally not efficient. 
Prevention can be accomplished by 1) not allowing concurrent 
procesSing, 2) assigning priorities and allowing preemption, 
SPemreagairitie a process to acquire all resources it will need 
before be Sediers. "sOne = 4 == having. ie vwoexs.. Requiring 
sequential execution in a distributed system iS a gross 
waste of resources. Havine oOrloritized processes will 
result in lower-prioritied processes being restarted many 
times, with a major degradation in system efficiency. 
Dynamic prioritization would be a complex and time consuming 
algorithm by itself. A process may be unable to determine 
its minimum set of resources, and therefore would have _ to 
aeamiemumem set Of all probable and possible resources, even 


Mnougnh it may not need"“them. In addition, in systems in 


10 





which messages are treated as resources, it is INDO ssS lobes to 
determine in advance which messages will be _ required. 
Assuming a non-optimistic concurrency controller, having no 
locks may result in database inconsistencies. Salimieser ly, 
deadlock avoidance algorithms. which either calculate a 
mame pavhn' |Ref. 3} or never wait for a lock [Ref. 4] are 
also inefficient. Safe path algorithms require a non-trivial 


execution time, and must be done each time aeresource 


request is to be granted. Never waiting for a lock is 
inefficient when deadlock iS a rare occurence. Tis. jen 
fmseriouted Computing Systems, 1t appears that deadlock 


Geaweceion and yresolution algorithms should be investigated 
to determine if they are a more efficient method of handling 
deadlock. 

There are four criteria that any deadlock detection 
algorithm for distributed computing systems must meet. They 
Macmpmcorrectness, 2) robustness. 3) performance, and 4) 
Oimeaewhed li ty. Correctmess \retfers to the ability of the 
aeeenrpnm vo detect all deadlocks, and the ability to not 
detect any false deadlocks. Robustness refers to the ability 
of the algorithm to be correct even in the presence of 
amet Oa Cede faults. Mis includes tne abigity toxsdetect 
deadlocks even when a site fails or loses communications 
while the deadlock detection algorithm is being executed. 
iiemectsenmmance of the algorithm refers to its overhead -- 


the delays between deadlock and detection, CPU time used, 


i 





number of messages required, etc. Pracvclead Muyo hs CLOSely 
@eeetead tO performance, and refers to aspects Such as 
Sompelexity and cost. 

The two major approaches to deadlock detection and 
resolution are centralized and distributed deadlock 
Seoeoev ion algorithms. Within the distributed class are two 
subpelasses; 1) all or several sites execute the deadlock 
detection algorithm, and 2) only one site is actually 
executing, although the algorithm is resident in all sites 
and thus any site could execute the algorithm. It might be 
easier to view the algorithms as a continuum: fully 
sompeedrazea ~PRet. 4], hierarchical {Ref. 5], distributed 
fase single Site at a time executing the algorithm [Ref. 
Beeeedtstriouted with all sites involved in a possible 
aoaaegek executing the algorithm concurrently [Ref. 5], and 
meseriouced with all Sites executing the algorithm 
eemeurrently {[Ref. 6]. 

The robustness of several published deadlock detection 
Hiemm@esolturion algorithms for distributed systems will be 
analyzed in Chapter three. The motivation for this analysis 
comes from three facts Pars ts; very few authors 


jivesvrsatred robustness or reliability of deadlock detection 


elecora cams. Second, reliable deadlock detection and 
resolution for upcoming new distributed systems and 
Seoercautonse 1s an Urgent, very important and aS yet nov 
Betis actoriuy resolved problem. Third, as there can be 


ike 





more than one deadlock being detected by the deadlock 
detection algorithm, it is reasonable to expect such an 
algorithm to be robust, i.e., to continue executing and 
detecting all deadlocks even in the presence of failure(s) 
which might have in effect broken one of the deadlocks being 
detected. 

The analysis of the robustness of the deadlock detection 
algorithms (DDA) will concentrate on investigating the 
mimaaes Of some Single failures on such algorithms. In 
general, the DDA is invoked by two events = either whenever 
a process waits for a resource, or after a certain period of 
time has elapsed since the last DDA invocation. In the 
first case, deadlock is checked for whenever its possibility 
appears, and in the second case it is checked for 
eomme@maal!y ((negardiess of whether its possibility exists). 
mevormame Of the first case is to delay checking for 
deadlock for some period of time on the premise that most 
transaction Walts are transitory and will not become 
deadlocked. 

The DDA can reside in one, several or all sites of the 
distributed computing system. When a triggering event for 
DDA occurs, one, several or all sites, depending on the 


Ramee amemmecemonr2thm, will receive information from several 


Semcluescttlece ouch information consists of “who waits. for 
whom and where", and it can be represented by arcs of the 
Moke Or granpnypesstrings, or le SiS of processes ©iG 


13 





Eransacvions. Upon receipt of such information one, several 
Or all sites attempt to reconstruct a global state of the 
distributed system, i.e., to generate a true snapshot either 
of all waiting processes or of all processes in the system. 
The generation of such ae true snapshot in the 
S@eotribvuted System is difficult and perhaps even impossible 
because of message delays and the lack of global memory. 
What is desired, however, is a true snapshot of the deadlock 
cycle: the status of other transactions in the system should 
be inconsequential to the deadlock detection process. The 
generation of such a true snapshot of the deadlock cycle, 
usually referred to as a global wait-for graph, becomes more 


Peerreule when we consider the possibility of failures in 


Mies distributed system. Some system mechanisms have been 
fwicsesneds tO be robust or reliable. For example, some 
eeneurrenc y CoOmerme. or synchronization mechanisms for 


iecemmouted databases and transaction processing systems are 
based on two phase locking, which has been made robust by 


Peco rarine atLOmicity by using two phase commit protocols. 


The BiGmmodase COMmmiLt protocol Supports not only the 
aeemteity of tranSactions but it also supports the 
Mmewlmsunmess On locking, 1.e., the robustness of concurrency 
control mechanisms. In partrcurar what makes the 


Meonetmeenieywecenerol whieh uses locking robust is tne need to 
lock and unlock resources in a robust way, i.e., either all 


lock/unlock operations for a given process or transaction 


14 





fecumor none occur. Thus the robustness of concurrency 
control supports the atomicity of placing and releasing a 
set of locks needed by a process. In other Words. 
foeeaess Of ~cOnMeUrrency “Control means that no dangling 
locks or locked resources are left behind the terminated or 
committed process, even in the presence of some failures. 
It is interesting to note that although deadlock detection 
Mena pares Of Concurrency control based on locking, there has 
been mo attempt to provide for or even to investigate the 
Meoustness of deadlock detection mechanisms. The most 
moesy explameteion for this 18S tmat from tne concurrency 
Segeror pore of view, the inability of the process to lock 
a needed resource is an exception to be handled by another 
mechanism, a deadlock detection algorithm (DDA). 

The proper way to see the DDA 1is8 as another transaction 
running under the concurrency control mechanism, as it reads 
aiceesdanres lock tateales with concurrency controllers and 
other Peansactlons. However, ERem POA 15) a ospecial 
transaction which operates on Special data it creates solely 
pormema@eadlock detection, ¢€.g., wait-for graphs. This data, 
called deadlock data, is internal to each invocation of a 
DDA transaction and ESMamerased” after rts ssexmecution. 
Moreover, deadlock data is not shared by any other DDA 
transaction invocations and therefore need not be locked. 
This means that thesrobustness required of DDA transactions 


POL aueesomewaasy differents kind wthan the robustness of 


eS 





Wet@oedeolons Operating on Shared database data. The DDA 
transaction therefore does not need to use a two phase 
Somme Provcocol to ensure its robustness. 

Conetdem the following informal model of DDA transaction 
execution. The DDA is invoked by a concurrency controller 
at a site at which a database transaction can not acquire 
locks which are being held by another transaction(s). The 
DDA transaction executes at one, several or all sites 
(depending on the DDA itself and the deadlock topology). 
(imeem: CS execution the DDA transaction should exhibit the 
Seoeme ChUy property, 1.e., it either executes correctly or it 
Gees mot execute at all. The results of DDA transaction 
execution is either of two messages to the concurrency 
Senugemler Which triggered it: 

1) Proceed = because of a) no deadlock 

b) deadlock detected but 
another transaction was 
selected as a victim 

2) Abort = because of a) deadlock detected and 

you are the victim. 
b) DDA transaction failed 

ieee mapter three, two classes of Single failures will be 
eonsidered. Pacem Che impecrm Of lost messages will oe 
analyzed and second, the impact of one site failures or. one 
Site partitions on DDA behavior will be analyzed. The 
impact of lost messages is analyzed because 1) not all 
distributed systems support reliable delivery of messages, 


2) several algorithms treat messages as resources [Ref. 3], 


and 3) in some applications acknowledgements cannot be sent. 


16 





me ie olS ON meBADLOCK DETECTION ALGORITHMS 


In this chapter, four published deadlock detection 
algorithms for distributed computing systems are examined 
with respect to the presence of the two classes of failures 
(lost messages and site failures) discussed in Chapter two. 
Although very few of them have already been shown to be 
Pemmecty when no failures or errors occur, their robustness 
is nevertheless worth analyzing. The assumptions made by 
Seacumeeutnor will be discussed in the context of how robust 
Miomaeceratcnm 1S. fach DDA will be analyzed by executing it 
in the following environment. 

There are four sites in the system, each of which has a 
Single resource and a single meansaer Lon (These 
restrictions merely make the example simpler, they are not 
required for the analysis.) The initial system status is 
Saevmmeaterilgure ¢c. Iransaction Ti at site A holds resources 
Pemecagmeen 5 and 1S Waiting for resource R4. Transactions [2 
diem @emmeonaene resources. Transaction T4 at site D holds 
resource R4, and is active. It is assumed that the deadlock 
Gevecelonmeaceivitcy resulting from [1] waiting for k4 nas been 
completed, so there is currently no deadlock detection 
activity in the system. An arrow from one transaction to 
another indicates that the first transaction is waiting for 


the second transaction to release a lock. hneserrow  1rom- ac 


17 





resource to a transaction indicates that the transaction has 
cueeee on that resource, while an arrow from a transaction 
CO aresource indicates that the transaction desires to put 
a lock on that resource. For the algorithms which require 
peeoDbal timestamps, Cimestamp (TS) t1 is assigned to the 
T1<--Re assignment, t2 to the T4<--R4Y assignment, t3 to the 
T1<--R3 assignment, and t4 to the T1-->R4 request. Now at 
some time t6, transaction T4 requests R3, resulting in a 


global deadlock T1-->T4-->T1. 


Site A Sieve. 8 Sites ¢ Sa-Ge: .D 
ci T2 T3 T4 

met t 

rr t Rp 4 R2 R3 ieeetis 
itd | | 
wl | +——+) 
| | Hower r eer ens----- = ! ! 
| $oe een n me oo + 
t= = = = e= f= fe e= eg ge eke ge | | ---/efeFfFF7Ff 22 = + 


Pig. 2 -- Initial status of deadlock example 


In the ease of a site failure, the following possibilities 
may exist. a) A site can have a transaction involved in a 
deadlock but not be involved in deadlock detection, 5») a 
Seeemmcan Gave a transaction involved in a deadlock and be 
involved in detection, ec) a site can have a resource 
involved in a deadlock and not be involved in detection, d) 
a site can have a resource involved in a deadlock and be 
involved in a detection, or e)a Site can be involved in 


deadlock detection but in no way involved ina deadlock. 


18 








A. THE ALGORITHM OF GOLDMAN 

In (Ref. 3], Goldman presents two deadlock detection 
peeesOrithms. Only the distributed version will be considered 
in this paper. A Process Management Module (PMM) at each 
eece handles resource allocation and deadlock detection. An 
iielemed Olocked process list’ (OBPL) is a list of process 
Mames, Cach of which is waiting for access to a resource 
feorened Lo the preceeding process in the list. The last 
mmeecsse in Che list is eéither waiting for access to the 
resource named, or it has access to that resource. An OBPL 
ls created each time a PMM wants to see if a blocked process 
ls involved in a deadlock. In the distributed algorithm, an 
OBPL is passed from a  PMM to another PMM which has 
MmifonMacion Cither about a resource or a transaction in the 
Pepe waten 1S mMeeded to expand the OBPL. Each PMM adds the 
information it Knows, and either detects a deadlock. detects 
a non-deadlocked state, or passes the OBPL to another PMM 
MOmmrurmimer Expansion. Ihe terms process and transaction 
Velieeeoeweused synonymously in the analysis of this DDA. If 
several transactions are waiting on one Eradsact ron, 
multiple copies may be made of the OBPL and sent to each 
svesaavyiaeg one of those walting transactions. Processes 
can be in either of 2 states, active or blocked (waiting). 
A blocked process could be waiting for a database object, 
message text from another process or message text from an 


~ 


Ppcmoeomeses process is active if it is not blocked. in the 


i 





algorithm, PX and RX are temporary variables representing a 


Peocesos Of resource. Ihe Steps of thé algorithm are: 
ee CCl aX tO "the value Contained in the “resource 
identification Dorelon of bhey (Gare. Tt hx 
Pev@escuils cd Wecalemes@urce, go tG 2- Otherwise, 
PHO CIS) Steve 


2. Verify that the last process added to OBPL is still 
Veppreneeeronmnt. it SO, gO to 3, otherwise, halt. 


pemeeet fA be process controlling RX. If PX is already 
in OBPL, then there is a deadlock. If not, go to 


4, 

4u. Views hocadlmtoncutrent PMM. go to 5, otherwise 
ZOnwo. | 

pemest ex 1S active, there is no deadlock. Discard 


Sere eadidetalvremoLrnerwise go to 6. 
peecads x to OBPL and go to 10. 


feacodmr ww and RX to OBPL. Send OBPL to PMM in site in 
wen PX resides. Halt. 


8. Verify that last process in OBPL still has access 
Eom KX. Pence enere donno deadlock. So discard 
Sree and halt. if so; go to 9. 


Waeeelasce Drocess in OBFL “1S. active, there is no 
deadlock, so discard OBPL and halt. Otherwise go 
ro. (0. 

Miemeecal) resource for which last process is waiting Rx. 


Mme ts local..20 to 3. ~Otherwise go cto 11. 


iliedlies Buea) hs in OBPL and send OBPL to PMM of site in 
WibeteenA resides. Halt. 


Figure 3 shows the actions taken at each site during tne 
execution of the DDA following the request by T4 for 


resource R3. The numbers refer to the current step being 


20 





Sveeuwed by the  DDA. AS can be seen, the algorithm 
correctly detected the resulting deadlock, in an environment 
Sueno faults. in, “Heweverm=era message iselost) (in this 
Peemigre, Cltner the OBPL Sent from site C to A, or the OBPL 
sent from A to D), the necessary information to detect the 
deadlock will be lost, and the algorithm will fail to detect 


an existing deadlock. 


Site A SsLve G oi te Dd 


10. Create OBPL with 
ioe c Come een  5 
De reOonerols ks. 
Pienoe ih Orr lL. 
ee lth eho Cac. 
veeenaa [| and-n3 £0 
Ose s and. send 


woesite fi 
ieioeank= R3. 
8. Tl has access 
eo 4. 
9. T1 waiting. 
oe oeceenk = R4. 
ieeerad KY to OBPL, 
send to site D. 
1. Set RxX=R4. 
ome! | Well uigg a oF 
R4. 
Bomoe tu wee a 4 
almeeady in OBPL, 
deadlock detected. 
Fig. 3 -- Execution of the Goldman DDA 
Goldman's algorithm allows the following types of sites 
discussed previously: type b (a site can have a transaction 


involved in deadlock and the site is involved in detection), 
type d (a site can have a resource held by a transaction 


involved in deadlock and the site will be involved in 


ea! 





@eadiock detection), and type c (a site can have a resource 
held by a transaction involved in a deadlock and not be 
involved in deadlock detection). A site could also be in 
several of the categories above, depending on the complexity 
of the system state. For example, site D could be considered 
ee be beOr type d =Site.” If a site of type b (sites A or D 
in this example) fails during execution of the DDA, the 
behavior could be different depending on the time of the 
mamiure. ifamecneustallure ‘occured at site A before site C 


sent the OBPL to site A, site C would realize that site A 


had failed. inewmaucort@enm ineludes no procedure for this 
occurence, so the behavior would be dependent on the 
underlying system. iiteene [atlure @t site A occured after 


memreceiyed the OBPL, all deadlock detection activity will 
cease, because only site A was currently involved in 
deadlock detection. A system timeout mechanism would 
eventually abort the transactions involved in the deadlock. 
A failure at site D would have the same effect as at site A. 

Meee Site of type d (site C in this example) failed, the 
time of the failure would again determine the behavior of 
Ome WDA] If the failure occured before site C sent the OBPL 
to site A, deadlock detection activity would cease without 
deadlock having been detected. If the OBPL had been sent, 
however, deadlock detection would continue at sites A and D 
(sequentially) with site D detecting a deadlock. The 


failure of site C would not have been critical after the 


Be 





Oaer fad been sent. The effect of a type c site (site B in 
this example) failing would have no effect on the behavior 
of the DDA, because the fact that R2 is held by T1 is not 
used or Known by the DDA at any site. 

There are essentially two types of OBPL's created by 
this DDA. The first type is when a process is waiting, but 
MSs mot involved in a deadlock. This OBPL is subsequently 
discarded. The second type is one which will eventually 
show a deadlock cycle. If there are n transactions involved 
in a deadlock cycle, this DDA will create from 1 ton 
OBPL's. In this example, only one was created. if wee ae 
request by T1 =for resource R4 hapened simultaneously with 
the request by T4 for resource R3, two OBPL's would have 
been created which would have resulted in two sites 
independently detecting the same deadlock, vice the one site 
memoirs Cxample. ” Ihnus the robustness of this algorithm with 
respect to a Single site failure is related to the ratio of 
mie Sumber of OBPL’s created to the number of transactions 
involved in the deadlock. This ratio is determined by the 
Pecuememnoe or Timing of transactions requesting blocked 
resources which is of a random nature. A ratio of 1 would 
provide the highest degree of robustness. When only a 
Single OBPL is created, the robustness of the DDA is very 
Simmelar to that of a centralized DDA; a single site failure 
can stop deadlock detection activity. ive ropu@stness of 


this DDA can therefore be analyzed but not predicted. 


ee 








Bee JHE ALGORITHM OF MENASCE-MUNTZ 

im [Ref. 5], Menasce and Muntz presented a distributed 
@eeatock detection algorithm. Gligor and Shattuck [Ref. 7] 
presented a counter example which showed the algorithm to be 
maeorrecy in that it failed in some cases to detect a 
deadlock. They also proposed a modification eG the 
algorithm which they thought would make it correct, but they 
felt the algorithm was impractical. In (Ref. 8], Tsai and 
Belford show that the algorithm as modified by Gligor and 
mmaeruck 1S also incorrect. 

The algorithm constructs a Transaction-Waits-For (TWF) 
Srapn at originating sites of transactions which are 
potentially involved in the deadlock being detected, and at 
Sites aumewmen some transaction could not acquire a 
resource. Nodes in the WF graphs represent transactions. 
An edge (Ti,Tj) indicates that transaction Ti is waiting for 
transaction Tj. <A non-blocked transaction is a transaction 
that is not waiting and is represented in the TWF graph by a 
Hoae With no outgoing arcs. A blocked transaction is 
Meummen: OY some transaction to finish. A "Blocking set" is 
defined as the set of all non-blocked transactions which can 
be reached by following a directed path in the TWF graph 
Starting at the node associated with transaction T [Ref. 5]. 
—eorree (rl) is 2a “blocking pair” of T if T' is in the 
puioeimme seeor T. A “Potential Blocking set" consists of 


all Vebewinemecransactlons that can be reached from TI 


24 





[Ref. 7]. Sorig(T) means the site of origin of transaction 
ait Sk is the site currently executing the algorithm. The 
rules which define the enhanced algorithm, as executed as 
emepe ok, are: 


Rule 0: When a transaction T requests a nonlocal 
eosoumee Lleis marked “walting”. 


Rule 1: The resource R at site Sk cannot be allocated 
PombGansacelove |] because it is held by 171, «2.,Tk. 
Add an are from ~— to each of the transactions 
tt thre metre 1s then a cycle formed in the 


TWF graph, deadlock has been detected. Otherwise, 
BOGE ecach —tbradsacetion 1’ in blocking set({(T), send 
MaicmDioQcKhi Mem patil, ’) tO sorig(l) if Sorig(T) 
emo weandero SOrig(!' ) if Sorig(T') =/=2= Sk. Form 
ames’ Ol "Oevential blocking pairs associated with 
Ps 


heme A@eLOcKing pair (T,1T') is received. Add an 
fee se irom [ to 1” in the TWF graph. If a cycle is 
formed, then a deadlock exists. 


Pomeemeeeet:) if T° 1s blocked and Sorig(I) =/= Sk. then 
POmmmciaicams CUransaction TIT” in the blocking set(T), 
Emcee te Dloextne pair  (T,1"%)—- to Sorig tT") if 
eerig(i’) =/= Sk. 


topeemeee. If | 1s Walting and Sorig(T) = Sk, then for 
Sacummpovemumae blecking pair (T',T) send the 
bemeterite Dair (1,1) Go Sorig(i') if Sorig(I") =/7= 
SK < Then, discard the potential blocking pairs 
(T",T) and erase the "waiting" mark of T. 


Figure 4 shows the actions taken at each site during the 


execution of the DDA following the request by T4 for 


resource R3. As can be seen, the deadiock was correctly 
detected by site A, in absence of failures. If the request 
message (T4,R3) from site D to site C was lost, however, 
deadlock detection activity would cease. If the blocking 
Bamiectt,l1) from site C to site D was lost, site A would 


BS 





peril» detect the deadlock. If, however, the blocking pair 
Miaye)) from site C to site A was lost, site D would apply 


mule Cc. lemcnCrrunCwmeriINs Or 92.2 applies, somdeadilock 


Gehection activity would cease. 


Site A Site C Site D 


T1 --> T4 


(T4 requests R3) 
O. T4 marked waiting 
(T4,R3 received) 
1. T4 ==> T1 


Bloc see (T ) 
{T1} 
Sencdmecl4,11) to D 


and A. 
PowcieuLal Bloeking 
pales = NL, 
(T4,T1) received. Ci lal) =Recemryed:. 
T1 -=> T4 T4H ==> T1 
+—------ “+ 
Deadlock Detected. 
Fig. 4 -- Execution of the Menasce-Muntz DDA 


This algorithm allows sites of types b, ec, d and e, 
although this example does not include a site of type e. If 
a type b site (one having a transaction involved in the 


deadlock and the site is also involved in detection) failed, 


Mmimeneesmexamole Site A (or site D), the behavior of the 
algoritnm is dependent on the time of failure. If site A 
failed before receiving the blocking pair (T4,T1), site C 


Wore recosmize the failure, but its action is not specified 


Moeetme Piles of the DDA. Site D would not detect the 


26 





deadlock for the same reason as if the message from site C 
Memsite A Was lost. If, however, the failure occured after 
Suemme. received the blocking pair, deadlock detection 
peeryicvy would continue (at site D) but deadlock would not 
be detected. Demitawburemon site D, also a type besiteseat 
any time, would have no effect on detecting the deadlock in 
this example. it Wamesioeme Sive failed (site 8), it would 
Mave mo effect on detecting the deadlock. If a type d_ site 
eouewesiailed, the time of its failure would determine the 
wemarror of the ODDA. tvVoeluueeiaidked) before séendine the 
Mocking Dalr to sites A and D, deadlock detection activity 
would cease. If it failed after sending those messages, it 
would have no effect on detecting the deadlock. 

For this example, this algorithm behaved surprisingly 
Piwamly tO Goldman's algorithm in almost all types and 
Pttnes OL failures. This may just be an anomaly found in 
small deadlock cycles, because in longer and more complex 
scenarios, it would appear that more sites would be involved 
in detection, and that there would be some duplication of 
information. As the number of transactions (and resources) 
involved in a deadlock cycle increases, more blocking pairs 
Pigmpearedt ral blocking pairs will be sent to more sites, 
i.e., the number of sites detecting the deadlock increases 
with the number of transactions involved in the deadlock and 
With the deadlock topology (or complexity). Thus there will 


Bemmore semeance of a deadlock being detected, as more 


ete 





parallel detection activity will be in progress. eG 
appears, then, that as the site and complexity of deadlock 
Mtereadses, tne robustness of this algorithm increases. 
mewevyer, as pointed out by Gligor and Shattuck. the effect 
memeruee 2.2 discarding information too early may have some 


impact on the increased robustness. 


mee THE ALGORITHM OF OBERMARCK 


weoamaee< Ss distributed algorithm [Ref. 1] constructs a 


Bransaction-waits-for (TWF) graph at each site. Each site 
conducts deadlock detection Simultaneously, Daiss eng 
Mootmatlon tO One other site. Deadlock detection activity 


at a site may become temporarily inactive until receipt of 
new information from another site. Obermarck states tnat in 
feelcameot@ectlece, synchronization (not necessarily precise) 
between sites would be roughly controlled by an agreed-upon 
interval between deadlock detection iterations, and by 
timestamps on transmitted messages. Nodes in the graph 
represent transactions, and edges represent a transaction- 
Memboemor=transaction (IWFIT) situation. Awe OGh iets es ca 
imesteotsiwrh information which is sent from one site to one 
Or more Sites. In the model of transaction execution used dy 
Obermarck, a transaction may migrate from site to site, in 
which case an "agent” represents the transaction at the new 
Site(s). A communication link is also established between 


agents of a transaction. These communication links are 


28 








Bepresented by a node called "“External.’ An agent which is 
expected to send a message is shown in the WF graph by EX-- 
mwolle an agent waiting to receive is shown by T-->EX. 
Although Obermarck's algorithm includes the resolution of 
@eadlocks, only the detection part will be considered in 
tails analysis. Transaction ID's are network unique names for 
transactions, and are lexically ordered. (For example, T1 < 


Me < 13). The steps performed at each site are: 


ieee d aeiwr graph using transaction to transaction 
Wait-for relationships. 


Eeeeooraln and add to the existing TWF graph any 
mserines transmitted from other sites. 


for each transaction identified in a string, 
create a node in the TWF if none exists in this 
Susu ec. 

DemeooOr eaemmetranSaction in the string, starting 


Mem the first (Which is always “external"), 
create an edge to the node representing the next 
weansaez lon in the string. 


3. Create wait-for edges from “external” to each node 
representing a transaction's agent which 1s 
expected to send on a communication link. 


4. Create a WF edge from each node representing a 
transaction's agent which 1S waiting to receive 
maemea communication link. to “external.” 


See aeey Ze ecme 8raph tor cycles. 


oe After resolving all cycles not involving 
Meommernal’, iitfethestransaction ILD of the node for 
which “external” waits 1S greater than the 
irwansaecilon “Dor the node waiting for "external", 
then 


Pamlacdmanorm Lhe Cyclé into a string which starts 
mimeneee externa’. followed by each transaction ID 


eS, 





in the cycle, ending with the transaction ID of 
Ties Mode Walling tor ‘external. 


b. Send the string to each site for which the 
transaction Cermainiatame the string is waiting to 
recelve. 

In his proof of correctness, Obermarck shows how the 
algorithm can detect false deadlocks because a_e string 
received at a site may no longer be valid when it is’ used. 
He discusses two methods of handling false deadlocks; treat 
mocmmasmactuial deadlocks(if they don't occur too often), or 
verify them by sending them around the network and have each 


Site verify them. 








>T1---->T4 


Fig. 5 == Initial conditions for the Obermarck DDA 


T1 is i df at aE aE dE aE 





Figure 5 shows a global picture of the system, including 
the communication links established between agents, for the 
motecial Conditions of this example. The agents of Ti at 
sites B and C have performed work (used R2 and R3), and are 
fe@eine 1Or the next request from Tl at site A. 171 ate site 


[nc atcinee tor 1tS agent at site D, which is in resource 


30 





_ 





Wait for T4. Figure 6 shows the actions of this algorithm in 
an environment on Gommemerrors. As can be seen, it 


pueeessiulliy detects the deadiock. 


Site A Seven. 5 See e* 3G Site D 
T4 requests R323 
An agent of 
ts 1s.)tormed 


1,3,4: each site starts detection and builds WF graph. 


Wi ——>E T1-=>EX T1]2=>EX==>T4 EX=-=>T1-->T4 
| : | 
= =~ --------- + ++eeeee2---- - 
5: list elementary cycles 
T1-->EX--T1 EX=>T4=->T1=->EX EX=>T1=>T4=dEX 
OP PvORmmour lap 
Coe ia tal 
Send sve 7h. 
TE aaa 
T1--£=>EX 
| | 
-<---- ~ 
Semeotrm string 
Give 14.71) 
Sema tO D. 
Exe 
~-—_eeee eee = 
EX-->Ti-->T4 
! 
ee oe 
5: Deadlock detected 
Fig. 6 -= Execution of the Obermarck DDA 
Obermarck assumes that messages sent are received. frhis 


mombessential to the correctness of this DDA, because 1t is 


Bu 





easy to see what happens if a message is lost. If the 
poeem@e CEA, T4,01) from site C to A, or from A to Dwere 
ijamemeeccadlockK defection activity would cease without 
detecting the deadlock. The use of agents to represent 
transactions which have migrated to other sites allow this 
DDA to have nodes of types a or »b, if ‘agents' is 
BliosmeecUted fOr ‘transactions’ in the definitions at the 
Pectmmenee ol this section. Site B would be an example of a 
type a site, while the other three sites would all be type b 
Sives . 

A failure in site B would have no effect on the behavior 
See aemllA. A failure atv sites A, B or D would either have 
no effect, an undetermined effect, or cause deadlock 
detection activity to cease, depending on the time of tne 
Homure.) fOr example, if site C failed before sending the 
memimeecus..,f4-11) to site A, deadlock detection activity 
Would cease. If site A (or D) failed before the string 
Siete fa) ewes Sent to them, the transmitting site would 
recognize the failure, but its action in that eventuality is 
femme luded in the steps of the DDA. tf site C failed 
after sending the string, the detection activity would 
continue, and the deadlock would be detected. 

This DDA appears to be potentially more robust than the 
previous two. Each site contains and retains more 
Mameninaeron lm@eits WF graph, and all sites start detection 


activity simultaneously, and potentially stay involved for 


Be 








the entire detection process. The use of the lexical 
ordering of nodes was for optimization of the number of 
messages transmitted. If this constraint were lifted, the 
strings would be sent to all sites involved from all sites 
in which a cycle existed. In this example, this would have 
allowed sites A and D to simultaneously detect deadlock. 
The DDA would be clearly more robust, but the overhead would 
Bee greater. In its existing form, this DDA's robustness is 
Similar to the previous algorithms because it is essentially 


sequentially detecting the deadlock. 


Pee meenlGORLIoM OF TSAI AND BELFORD 

DM~~enctamsot, tsai and Belford present a distributed 
deadlock detection algorithm. They utilize a “Reduced 
jTransaction=—Resource" (RIR) graph, which contains only a 
Bisco umeOtrmeuae tranSactlon resource graph, but has all 
relevent TWF edges. Nodes) i neetnem wih <craph- -can be 
Pacmedectoms Or resources. ine algorithm uses a concept the 
wig@onsecai! a “reaching pair", which is the basic unit of 
Maogicuaonmesassed) from Site to site. If a path Tilj...Tn 
can be formed by following TWF edges, and if there is a 
request edge (Tn,Rm), then Ti "reaches" Rm, and (Ti,km) is a 
“reaching pair." Five types of messages are sent between 
Saves: reaching messages, nonlocal request messages, 
allocation messages, release-request messages, and releasing 


messages. The non-local request messages include a list of 


33 








melenesources currently held by the requesting transaction. 
Five different types of edges are distinquished in the RTR 
Beeaph : requesting edges, allocation edges, TWF edges, 
resource reaching edges and transaction reaching edges. A 
global timestamp is also used to establish an ordering of 
events. This timestamp is used on allocation, request and 
reaching messages, and on allocation and reaching edges in 


Me@emen UR Sraph. The notation used in the algorithm is: 


TS(M): timestamp of a message 

Voce cUrnent system time 

TS(A): timestamp of an allocation edge 
TS(R): timestamp of a reaching edge 
Sore: iolte of origin 

==: Not equal to 


iewsteps of the algorithm (as executed at site Sk) are: 


Meoomieeeineecransaction T enters the system requesting a 
nonlocal resource R} Add request edge (T,R) to RIR 
graph. Send request message CO! See to 


Semae (Rh), where RK’ is the set of all resources 
ppeuci@avedecO. Dewand Ts(M) = Ts(C). R' has each 
DHi@wemartsiened.. and Rh" ais empty if T molds no 
resources. 


peepeiae 1h transaction T releases a noniocal resource R } 
Erase edge (R,T) in the RTR-~ graph. Send a 
release-request message(R,T) to Sorig(R). 


ppecme met transaction T enters system requesting local 
resource R} Go to step 4. 


Pwopmeae toe transaction T releases a local resource R} Erase 
edge(R,T) in RTR or apie If there is any 
maemiedetton IT’ Waltinge for R, then begin 

Add allocation edge (R,T') to RTR graph with 
TSCA) = TS( Cy oenda allocation message 
See ts) ewith Toc e= TS(C) to Sorig(l") iF 
Somen(l' ) =/essk. end. 


34 





Step 3: 


SLeD 3a: 


Step 4: 


Step 5: 


Step 6: 


{A request message (T,R',R,TS) is received} Add 


eeeOcctaNeimmccates se nin !) for each Rian R' to RTR 
graph. Go to step 4. 


{A release-request message (R,T) is received} 
Erase allocation edge (R,T) in RTR graph. Send 
Metecaostag Messa@emwanel) tO Sorig(T). If there is 
any transaction T' waiting for R, then begin 

Add allocation edge (R,T') to RTR graph with 


Sh) = TS(C). Send allocation message 
Cero) toe oomte  1') If Sorig(l! )~ s/=2 —Sk. 
end. 


If R is not held by any transaction, then begin 


N@Gua i LOGCautonmmedgee (RT) with TS(A)=TS(C) te 
ReWR grape If Sorig(T) =/= Sk, then send an 
arnecatbloummessage (R,T,1S). with -TS(M)=IS(C) 
BOs oO hei end - 
else begin 

Add requesting edge (T,R) to RTR_= graph. 
Suppose R is held by transaction T'. Add edge 
Girl ero RIK graph. If there is a evcle, 
deadlock has been detected, else go to step 
5. end. 


{reaching message generation step} lf @eehere Fare 


mueomeadees (1, Rieand (1,71) added fo the graph, and 
Melis. 1 TS samy path obtained by following the 
TWF and transaction reaching edges, then set =i 
mt wires Clulgolmgeedge £60 KR”, else set X = R. 
For all transaction Ti in RTR graph reaching X via 
T, do begin 
intr holdseany resource © R" with Sopmig(Ti) 
=-woOhracn ) wand soOrig CR’) =/= Sk, then send 
eapiaccememicamessage (Tie xX,TS) to - Sormeck'). 
Po Sori inue=7 = oK and [1 =/=- 7, then send <a 
reaching message (Ti,X,TS) to Sorig(Ti). Ie 
Somat) aa SK eanGs li. = 1 and A = Kh tne 
send a reaching message (Tithe to 
Sorig(Ti). The TS in the reaching message is 
Soweto Uoce eit triggered by a ltocal request, 
aname set to [S(M) of the nonlocal request or 
reaching message otherwise. 


Ps 


{An allocation message (R,T,TS) is received} If R 


is an entry in the graph, then begin 
Erase allocation edge (R,T') and all reaching 
pemes  <1"',R). Wien, TSCR). < IS{(M) and the 
corresponding TWF edge (T,T') and transaction 
meachine (edges (f"'2'), 11 they ex1lst, where 
ii s/= T. Change requesting edge (1,R) to 


Be 





altecavion ~edee. (R.T) with TSCh) = TS(M) if 
(T,R) exists, and for each resource reaching 
pdcCwuG@ewenomadea the transaction rceaching 
ccc wm! sonte(T) = ox, “wake Up 
Bransactilon T. end. 


peep 6a: {A releasing message (R,T) is received} If 
Some) =eskemiwakce wp transaction T. 


Step 7: {A reaching message (T,R,TS) is received} If there 
exists an allocation edge (R,T') in the graph with 
ieee lo. A) andei” =/= T, then skip this step, 
else begin 

Add resource reaching edge (T,R) to the RTR 
graph. Peiehoemeld by transaction [’, then 
add the transaction reaching edge (T,T') to 
the graph. If there is a cycle in the graph, 
there is deadlock (go to step 8), otherwise 
POmCONStepr oO. “end. 

Step 8: {a deadlock has been detected} Take appropriate 
aeuLon. 

Pietro, SNOWS tne starting WF graphs and the actions of 
cee resulting from the request by transaction T4 for 
meeoumecens. An important item to note is that as soon the 
Becuesuesls made, step 1 adds sufficient information to the 
WF graph to detect a deadlock, but does not check for 
deadlock, so the request is sent to site C and the algorithm 
SPonutnwes. Ihe obvious thing to do would be to add a check 
HOuemramedeadlock cycle in step one, but on closer analysis, 
eimomemec« may lead to detection of false deadlocks (if, for 
example, T1 had just released R3 but the message had not yet 
been recelved by site Des ihererore une ae leeoritnm in 2s 


present form will be analyzed. The only message sent by 


aeesmceeGricnm in cnhis example 1s the request message 


36 





een) R3,¢6). If it was lost, the current algorithm 


would cease detection activity without detecting deadlock. 


In this instance, if the algorithm checked for deadlock in 


Step 1, it would have been detected with no messages 
required. 
Site A Site '. Tie Sipesp 
T1<--R2 T1<--R2 T1<--R3 T4<-=-R4 
ll Gp } ! ~ 
| | 
oor +-=->R4Y +-=->R4 Picdst 
: 
+—-—-=->R4 iaee 
t—-—=>K3 
(T4 requests R3) 
Ts add “Gigek 2) 
Scigde (0) UR en oe on 
Goryeo 
+—-T4U<--R4Y 
; eal 
| Tl--=+ 
| Tf 
| y+oe--R2 
psp aS 
| 
cates | 
Ss add (ht, Fa) 
4: add (T4,R3) 
add aC rir 1) 
DEADEOCK DETECTED 
T 1<--R 3< + 
! ! 
! | 
+--=>R4->TY 
Fig. 7 -- Execution of the Tsai-Belford DDA 
Hemmer als DDA. sites can be of type b, d or e. Sites A 


and D are type b and sites B and C are type d. This example 
fetemereeuype e€ Sites, but for otner examples, step 5 of the 


algorithm could send reaching messages to sites not involved 


at all. Those sites would execute a step or two of the 


336 








algorithm, but not be intimately involved in the actual 
meacdemecm aevection. In this example, a failure of sites A 
or B (types »b and d respectively) would have no effect on 
the deteetion of the deadlock. The effect of a failure of 
Site C before the reaching message was sent to it cannot be 
determined because the DDA includes no instructions for that 
event. A failure of site C after receiving the reaching 
femsage would result in a cessation of detection activity. 
If the algorithm were modified to include a cycle check in 
step 1, a failure of site C at any time would have no effect 
on deadlock detection. The timing of tne failure would also 
determine the behavior of the DDA if site D failed. If Site 
D failed before sending the request mesSage, detection 
activity would cease, while if the message had been sent, 
deadlock would still be detected. 

For this example, this DDA appears to be about the same 
level of robustness as the other algorithms, except that 
each site contains and retains more information than in 
@ugen DPA'S. This indicates that it should be more robust. 
The algorithm in the case of this example was able to detect 
the deadlock with only the resource request message. AS 
deadlock cycles become more complex, it appears that this 
algorithm will also become more robust, even more so than 
Obermarck's, because this DDA retains more information, and 
it will send reaching messages to any site potentially 


involved in the deadlock. Detectlonme gecbivity —-will* occur 


38 








Simultaneously in those sites receiving reaching messages. 
The impact of the inclusion of a cycle detection in step 1 
May have adverse effects on the correctness, but it might 


greatly enhance the robustness of the DDA. 


eee "CONCLUSIONS 
The algorithms discussed in the previous section can be 
loosely ranked by their robustness. Goldman's algorithm is 


the least robust, because it is always executed sequentially 


(unless the requests occur simultaneously, as discussed 
previously). Thus it is always dependent on a single node. 
Obermarck's algorithm starts deadlock detection 
Samuacaneousliy at all sites, and Subsequently passes 


information in a lexical manner because of the message 
Seermezacton. For the example used for the analysis, this 
resulted in a sequential detection, although for larger 
deadlock cycles, it may have some parallel detection 
ew vac y eceuring. The Menasce-Muntz algorithm starts 
detection at the site where the deadlock occured, and 
deadlock detection is subsequently conducted at sites which 
are potentially involved. In the Tsai-Belford algorithm, 
deadlock detection can occur Simultaneously at all sites 
potentially involved in the cycle. It appears more robust 
than the Menasce-Muntz algorithm because more information is 


neid at each site. 


3 








The above analysis SUDDOrTS the rather Obvious 
conclusion that a deadlock detection algorithm's robustness 
momamteectlhy related to its cost. The Tsai-Belford algorithm 
appears more robust than Obermarck's algorithm, for example, 
but it maintains larger WF graphs at eacn site, and is 
invoked each time a resource is requested, in order that the 
WF graphs contain sufficient information. 

For the example used to analyze the four algorithms in 
Chapter three, the behavior of each of those algorithms in 
the presence of errors is almost identical. Because the 
deadlock cycle only involved two transactions, those 
algorithms which are potentially more robust in the presence 
of larger ecycles, did not have time to demonstrate their 
meeust~ness. in other words, for a short deadlock cycle, all 
the algorithms converged within approximately the same 
length of time (two or three iterations.) Short cycles of 
length two 216 three are more probable in existing 


applications, so all the above algorithms are approximately 


equally BObUST in enirr ema appli catvionss In future 
aoptereeerons (information utility programs, for example), 
however, amuch higher probability of more complex deadlock 


eyecles is expected, which will require a more robust DDA. 
Conversely, however, as the number of transactions (and 
sites) increases, it will be important to use a minimum cost 


BD asec 


40 








Pi eieeenoroonl ALGORITHM 


ee ENT RODUCT ION 

The proposed algorithm assumes conventional distributed 
two-phase locking and two-phase commit protocols as 
described in [Ref. 4]. Two types of locks are supported; 
Exclusive Write(W) and Shared Read(R). These locks, once 
meeaiecad, are neld until the transaction commits oor aborts. 
Pad@recbonally, there is an Intention Lock (I) which indicates 
maces ce Uratsactvilon wishes to acquire a lock on a resource, 
Serer commodity it (IW) “or to read it (IR). Intention 
Locks are placed on a resource when an agent is created at a 
site of a locked resource which it requires, or when a 
resource at the Same Site is requested but is already locked 
ye anouner transaction. These Intention Locks are not the 
same as the Intention Modes used by Gray when he discusses 
OGmeearcatea! locks in  fRef. 4]. Gray uses the Intention 
mocdemtes tae” ancestors of a resource in a hierarchical set 
Seerecources aS a means of indicating that locking is being 
leomemoaeey finer” level of granularity, and therefore 
peeventtane locking on the ancestors of the resource. 

Merransaction | also modifies its lock “entry of the 
resouree it has last locked by adding information that 
specifies which resource T will attempt to lock next. This 


modification is made as soon as T ean determine which 


4 4 








resource it will require for its next execution step. The 
Meco 10Or locks are the same as for conventional two-phase 
locking; any number of transactions ole agents may 
Simultaneously hold Shared Read locks on a particular 
resource, but only a single transaction or agent may hold an 
Exclusive Write lock on a resource. Any number of Intention 
Locks (IW or IR) may be placed on a resource, which means 
that any number of transactions may wait for a resource. 
Each site must therefore have some method for determining 
whieh transaction will be given the resource when it becomes 
mm@eeme stea as FIFO (First In, First Out.) 

iie Noeks can be of any granularity. It must be 
remembered that a very small granularity (for example, 
individual fields within a record) will result in very few 
fio ecto DUtT the cost of the additional locks required to 
lock smaller fields increases. Conversely, a large 
granularity (possibly complete records) will result in many 
nock ime scontlicts, but little cost due to the actual locking 
oo resources... Tinea Omeoosecdm aleorithmedoes not require a 
Seocemmie level of lock granularity. 

Dae Lock History (LH) of a transaction is a record of 
all types of locks on any resources which have been 
Goguesvedsoruaresneld by that transaction. Each resource ID 
Sonmemis avsite identifier. An example of a Lock History for 
Mimensection 17 is LH(T1): {WCR3C), WC(R2B), RC(RIA)}. This LA 


shows that T1 holds a Write Lock on resource R3 at Site C, a 


He 





Write Lock on resource R2 at site B, and a Read Lock on 
resource R1 at site A. 

The information contained in a Lock Table for a resource 
micuudes a) the transaction or agent ID and its Lock 
mse oOny,) 0) the type of lock and ¢c) the resource (and type 
of lock) which that transaction holding this lock intends to 
Pocwenext. Ihe field containing the current lock will be 
@ouemrcd tO as the “current” field of the Lock Table, and 
the field containing the future imMeent ions on Eat 
transaction holding the "current" lock will be called the 
ieee  tteld. For clarity, Loek Histories will be shown as 
separate entities. An example of a Lock Table is LT(R2B): 
Mmeonery, IWCR3C)}; T2{IW(R2B)}. The Lock Table Lor 
moceureo she at site B shows that T1 holds a Write Lock on 
R2, and that T2 has placed an Intention Write Lock on Re. 
11 has also indicated that it intends to place a Write Lock 
Sue resource R3 at site C. 

The proposed algorithm also assumes a distributed model 
of transaction execution where each transaction nas a Site 
Cpmeutorm (SOrig), which is the site at which it entered the 
system. Whenever a transaction requires a remote resource, 
amiesamrce at a site other than the site it is currently 
eevee Tiacratves” to the site where that resource is 
located. Migration consists of creating an "agent" at the 
new site. The transaction agent then executes, and may 


either create additional agents, start commit or _ abort 


43 





actions, or return execution to the site from which it 
migrated. This transaction model is consistent with recent 
Pmemoeaoire [Refs 1, 2i. amen a transactiom migrates, it 
metiecewhtn It certain information from its previtous site. 
mimcmetmetucdes its Lock History and a condensed version of 
mete otce Ss latest wWait=ror Graph, which will be termed» a 
Maret—ror String GWES). 

A Wait-For Graph (WFG) is constructed by the deadllock 
detection algorithm’; using the oxel Histories On 
transactions which are possibly involved in a deadlock 
eyete, any time a transaction or agent attempts to place a 
MOerwon a resource which is already locked, or when it 
Gececrmenes that aremote resource will be required. There 
are two types of nodes in the WFG; transactions (or agents) 
ama resources. A directed are from a resource node to a 
transaction node indicates that the transaction has a lock 
Om the resowrce, while a directed are from a*transaction 
Mememeea resource indicates that the®transaction has placed 
Sueeetmeention Lock on that resource. A directed are from a 
transaction node to another transaction node indicates tnat 
mio Sfirst Wransaction is waiting for the second transaction 


to release a lock on a resource. 
hme ANEFS is a list OL wransacelLon- = Waits — for = 
Umemeeernem@s strmnes (obtained fromethe site's@WFC), in which 


Seer Geansaeteion is waitdne for the next transactdon in tne 


Soeenee amde the Lock “History for each transaction in the 


44 





eames For example, the WFS CT TCR eA). IW(R3B)}, 
[iieiekoe)}) shows that T1 is waiting for T4, and each 
Pmeeancaetion's Lock History iS in brackets. A transaction 
may also bring along other information such as a metric 
Goomesceneing 16S execution cost, but such information is not 
mielmluged in this thesis as it is outside the primary 
munecion of the proposed deadlock gqdetecror- Eacn 
transaction or agent will have a globally unique identifier 
memovwinmaiceres its Site of Origin. 

Agents can be in any of three states; active, blocked 
(waiting), or inactive. An inactive agent is one which has 
done work at a site and created an agent at another site or 
returned execution to its creating site, and is now awaiting 
Miiptigere instructions, Such aS commit, abort or become active 
again. A blocked transaction is one which has requested a 
mesourece wWaicn is locked by another transaction. An active 
agent is one which is not blocked or inactive. To allow 
concurrent execution, a transaction may have several active 
agents. 

Each site in the system has a distributed deadlock 
detector, which performs deadlock detection for transactions 
Sumaeem@es sae that Site. Several sites can simultaneously be 
working on detection of any potential deadlock cycle. 

The basic premise of the proposed algorithm is to detect 
deadlock cycles with the least possible delay and number of 


inter=-site messages. Based on the findings by Gray and 


45 





others [{Ref. 9] that eycles of length 2 occur much more 
meequently that cycles of length 3, and cycles of length 3 
occur much more frequently that cycles of length 4, and so 
on, the proposed algorithm uses a staged approach to 
G@eadlock detection. There are basically two types of 
deadlock cycles to be considered; a) those which can be 
Geeeccted USing only the information available at a site, and 
b) those which require inter-site messages to detect. In 
the proposed algorithm, the first type has been divided into 
Mmromrevels of detection activity. Because the proposed 
algorithm checks for possible deadlock cycles every time a 
remote resource is requested or a local resource is 
requested but already locked, the level one check should be 
as quick as possible. If the requested resource is still 
Mereeeavailable after X units of time" [Ref. 4], then the 
probability of a deadlock has increased sufficiently to 
justify a more complex and time-consuming check in level 
two. Therefore the proposed algorithm has three levels of 
deadlock detection activity. Levels one and two correspond 
Pemeiemnirst type of deadlock cycle, while level three 
corresponds to the second type. The first level is designed 
MemaGetecr cycles of length 2, altnough certain more complex 
deadlock cycles could be detected, depending on the topology 
of the deadlock cycle. This level uses only information 
available in the Lock Table of the requested resource if the 


feeeumeests local, or the last locked resource if tne 


46 





requested resource 1s at another site, and in the 
transaction Lock Histories of the transactions in that Lock 
Table at the site. Due to the information contained in the 
Siext fteld of the Lock Table and in each transaction's 
Bock History, this level of detection activity can detect 
Geadtock cycles of length 2 (and possibly longer) involving 
one or two sites. 

Momaneecxample, let transaction T1 at site A Write Lock 
Besource Ri. Pew —tramedetlom 12 at site  BeWrite Lock 
Meseurce nc. Ineése locks would be placed in the Lock Tables 
of the respective resources, and also in the Lock Histories 
for the respective transactions. iransact ion T 1 now 
Zewemieeaes that it must lock resource R2, so it places that 
mmeormanlom in the "“Next" field of its lock entry of 
mecourece hi and in its Lock History. It then migrates to 
Seeecmc mew gete 1S agent places an Intention lock in the Lock 
Table for R2, and then becomes blocked, waiting for resource 
Re to be released. A level one check is made using the Lock 
Table of R2, showing no deadlock cycles. Now transaction Te 
Gevermmines that it requires a Write Lock on resource Ri. it 
Cuetec tlat information in the “Next" field of its lock 
eee elie Lock Table of R2 and in its Loek History. 
eePOreml2 "mMlerates to site A, level one of the deadlock 
@euececron algorithm looks at the Lock Table for k2 and 


Moepmces = enat fl is waiting for Ke. It therefore combines 


47 





the Lock Histories of all transactions holding or requesting 
Meeesmon Khe (11 and T2) into a WEG, and detects a deadlock. 
Mimedtoceexample, the cost of creating an agent of T2 at 
Site A was saved by a very quick check for cycles of length 
two. Inasmuch as the majority of deadlocks occurring will 
be of this length, this simple and inexpensive check will 
detect the majority of deadlocks as they occur. If, in the 
example Speeyy given, Bigantcace LOnsS a4 and 2 had 
Simultaneously determined the need for locks at the other 
Site, the initial level one check would not have been 
performed becauSe no transactions were waiting for those 
resources. Both transactions would have migrated and placed 
Intention Locks at the new sites. A level one check is then 
made at each site when it is noted that the requested 
memeuree 15 NOG available. Each site constructs a WFC from 
MiemecenmutsvOories of the transactions in the Lock Tables of 
the requested resources, and each site will detect a 
deadlock cycle in the WFG without any inter-site messages. 
Bem if thesfirst level of detection activity fails to 
detect a deadlock cycle, there can still be a more complex 
deadlock cycle in existence. The second level of detection 
activity requires more time because it constructs a WFG 
ioticmeaeetock information available at the site, i.e., Lock 
iaemnarion trom ail resource Lock Tables at the site. If 
we assume that more complex deadlock eycles are 


comparatively rare, it is advantageous to "wait X units of 


48 





fet 6Ch[ Ref. 6] before starting the second level one 
Bewectlon activity. VemcmeransactlOn wis stiri waiting to 
acquire a lock after these X units of time, the probability 
of a more complex deadlock cycle existing has increased 
sufficiently to justify a more comprehensive check. As 
previously mentioned, the second level still attempts to 
detect a cycle using information available at the same _ site 
where the transaction iS waiting for a resource. Each site 
Maintains the latest WFS brought from each Save by 
Meaisaevlons wileh have migrated to that site. In addition, 
femmuratisaculon has a copy of its Lock History. The Lock 
Eeeeories of ~all blocked or inactive transactions at the 
paeeowaonGdeene Lock Histories from all transactions in the 
WFSs from other sites are combined into a new Wait-For 
Graph. If no deadlock is detected, it can either be because 
peeeetiiere is no deadlock, or b) there is a deadlock but this 
site does not have enough information to detect it. Case a) 
Gave ccecur either if all transactions being waited for are 
SUereialy at that Site and active, or have migrated but are 
still active. If all the transactions being waited for are 
currently at that site and active, deadlock detection 
Petayiuy scans stop, because there can be no cycle in the Wrc. 
If, however, a transaction has migrated to another site and 
therefore the current site does not have sufficient 
information to detect whether that transaction is active or 


blocked, this site's information must be shared with other 


49 





Pees everdcevenmine if the transaction which has migrated is 
active or is blocked and involved in a deadlock cycle. This 
Saarrme Of intormationm constitutes the third level of 
aeteeulon activity. 

Because level three involves inter-site communication, 
it might be advantageous to wait Y units of time before 
Senvcinuing In Order to inerease the probability of the wait 
socincnon. DelnNgean aeunalbedeadlock. After Y units of time, 
when the DDA is ready to continue, the WFG is condensed into 
ae WES. Piece como cielmsemy co Other sites. The sites to 
MiecmmnmemNr outs seny Can vary. in the version presented 
ecco ls sent to the Site to which the transaction being 
waited for has migrated. Other possibilities are discussed 
Pmeciiawcer Six. When a site receives a WFS, 1t substitutes 


Mem tavest Lock Histomies for any transaction for which it 


nas a later version. It then constructs a new WEG and 
SmecKks 167. cycles. ieee CYClloumis es tound. it must be 
resolved. If amy  Sransacvions are Walting for otner 


Paaicdwnetcmwalen Mave Migrated to other sites, the current 
Site must repeat the process of constructing WFG's and 
sending them to the sites to which the transactions being 
waited for have migrated. If the transactions being waited 
rOogeanercemensmslre and active, deadlock detection activity 
Can cease. Level three activity will continue until a 
Geqcmock@lsmioumadnon 1t 1S discovered that there 1s no 


deadlock. 


50 





The following 


tae algorithm: 


Bi 


definitions are used in the description of 


ms -- Intention Lock 

W(X) -- Exclusive Write lock on resource x 

ROX) -- Shared Read lock on resource x 

IW(x) -- Intention Lock(Write) on resource x 

IR(x) -- Intention Lock(Read) on resource x 

poimime(l) =—= Site or Origin of transaction T 

ier Gh) -- Lock Table for resource R 

cer) "= OcCKenisvOry sor transaction T 

eyvext" -- Field in Lock Table reflecting the 
resource a transaction intends to 
acquire next 

"Current" -- Field in Lock Table reflecting the lock 


Paes LGORITTHM 


1 {Remote 


currently held by a transaction 


resource RK requested or anticipated by 


transaceron=or agent T} 


hewn Fleace aiiomopriate Tiventry in ‘next’ field of 
the Lock Table of the current resource (the last 


eesournce  lockedmeoy )T,if anyvemeand in LH(T). 


Be totart level 1 detection activity at current 
Site}. If another transaction is waiting for the 
last resource locked by TT, construct a Wait-For 
Gpaswemirom tne Lock Histories of the transactions 
holding and requesting that resource and check for 
eyc res. 


Creep lieno eycles are devected or 11 no transactions 
are waiting: 


ipmeoellect LH(I) and thme latest GNES from the 
current site, and have an agent created at the site 
of the requested resource. 


2) Serer 


D. If a cyele is detected, resolve the deadlock 


{Local resource R requested} 


5) | 





roe Jr enesounrecesk 1seavaerlable: {lock it} 


1) Place appropriate lock in Lock Table of 
meoSOUrce! nh ander LHC.) . 


2) end 


Pita cesouUsecm tse noe. ~available: {Start level 1 
detection activity} 


1) Place appropriate IL in Lock Table of 
Resource Reamdsin LACT) . 


a meonstruccwa nt =worape from Lock Histories of 
Gem cransaermrons  Nolding and requesting R, and 
egeecx for eyches. 


3) If there are no cycles, and Lag the 
EmeaioaecloOnemmwioldinwemeume .1.OCK On KR 1s still at 
Giees SiGe cand. "acraye.) Stop. Liveeume re ters to 


cycle, rese@lve tae deadlock. 


Heel? thie treneadertonegolding the lock on R has 
Cieger OMNtieraccedetowaneuner slte, Or 1S still at 
Uwe Sluc Olle tombeloeceeds by another transaction 
which has migrated to another site, delay(ti). 


5) If resource is now available: 
a) Remove IL from Lock Table and LH(T) 
0) 1GO, BO: Stepan A 


Gomer Cresourcemmscmaer sauemtaole: {Start level 2 
act inyawy } 


DecCoustiuce somNuGamisnmececme Lock Histories 
of the transactions in the WFSs which have been 
sent from other sites by level three detection 
emmvilny, OF sbrougne byStransaovlons which have 
Pweaved. GO Cihnsestve,;manasGme Lock Histories of 
paleo boexed Or Inacuive transactions at this 
eeeue sana check for cyeles. 


Dey It any “evelles are found, resolve the 
deadlock. 


ey eif mo cycles me found, Delay(tc2) 


ad) if the requested resource is now 
availapve, go to step 2A 


BVA 





e) If the transaction being waited for is at 
Enis Si vemamarderLve, StOp. 


PJ eomeueemresouree 15 Stijl notw available, 
go to step 3 {Start level 3 detection activity}. 


3. {Wait-For Message Generation} 


Peet owane. Level 3s. detection activity}! Construct a 
WFS by condensing the latest WFG into a list of 
Semin sce Or  UranisaeeLonSesWwalbingw. for transactions. 
Add the Lock Histories of each transaction in the 
SeGinig. 


Bes send the WFS to the site to which the 
transaction being waited for has gone. 


4. {Wait-For Message Received} 


Doe eioedne level 3 detection activity} Construct a 
WFG from the Lock Histories of the transactions in 
PiCwNG oS Seetrom (ObDeressitese, and. from the Lock 
distories of all blocked or inactive transactions at 
this site. (Use the latest WFS from each site.) 


pepeekuecnls WeGesbows that a wtransaction which is 
being waited for has migrated to another site, go to 
step 3. {Repeat WFS Generation} 


C. If the transaction being waited for is active, 
MmGmeiias NOt IMdreaced py an intention Lock that 10 
Will attempt to acquire a resource which may result 
mice cdead lock, disecara the WG and stop. 


D. if the transaction being waited for is active 
buenas indicated by an Intention Loek that 1t 1s 
going to a site which will cause a deadlock, or if a 
cycle is found, resolve the deadlock. 


eee one ONSOr THE ALGORITHM 


Sop ats Step 1S executed amy time a transaction 
(or agent) T requests a remote resource, or when it 
determines that it will require a remote resource. The Lock 


Bo 








Table of the resource which the transaction is SUP rently 
using (or has just finished with) is checked to see if any 
other transactions are waiting (i.e., have placed Intention 
Peereowemror that resource. if so, the Lock Histories of all 
Cmamsactlilons requesting and holding the resource are 
combined into a WFG and a check for cycles is made. be ale 
Oimemme 1S found, TI collects the WFS formed from the WFG at 
that site and causes an agent to be created at the site of 


the requested resource. 


Seep c. TAvSesstep. sismemexeccucedsscach time a local 
resource is requested, either by an agent (transaction) 
already at that site or by a newly created agent. Lt eee hie 


resource iS available, appropriate locks are placed and tne 
resource granted. if the resource is not available, 
Intention Locks are placed in the Lock Table of the 
meawesved resource and in the Lock History of the requesting 
meansaettOn wa WEG is constructed using only the information 
in the Lock Table of the requested resource and the Lock 
tiawommes set the  ~transactions. Molding or requesting that 
resource, and a quick level one check is made for possible 
deadlock cycles. If no cycles are found, the algorithm 
Wes nOh ea r@ercvdin period of time before continuing. This 
Siebecdmmaierow the. transaction  swhieh holds the resource to 
complete its work and release the resource. If the resource 
PomeiGgumavaiikyete after this delay, theschance of a deadlock 


Vomheagher, soeche “algorithm shifts» to another level of 


54 





detection. It now uses the Lock Histories from each blocked 
Or inactive transaction at the site, as well as from any 
WFS's from other sites which have been brought by migrating 
transactions. If there are no cycles in this graph, and the 
resource is still not available after a second delay (also 
Cunable by the system users), the possibility of deadlock is 
again much greater, but the current site has insufficient 
information to detect it. Therefore the proposed algorithm 
Bmepresses tO the third level of detection (step 3). 

Step 3. The Wait-For message generated by this’ step 
Seite Ol a COllecTion of substrings. Each substring is a 
Misouscransactions each of which 18s walting for the next 
eemoaadeciod in the substring. The substring also contains 
the resources Locked or Intention Locked by each transaction 
iieeroemsuostring. A local timestamp will be affixed to this 
message so that the receiving site will be able to determine 
which is the latest information from any Site. 

Svep 4: iis  StCORmGom—EocKk “HaStoriles of "tne 
CreiiSsiewromsm 1n the WES'S previously recelved from other 
Sacecsmmeanameme Lock Histories of any bdbloeked or inactive 
Cramisactions at this site are added to the Wait-For 
iimemmnatvienewcOneammed in areceived WS. If there is still 


insufficient information to detect a cycle (a transaction 


Pomaeevaltedmror nas migrated to another site), another 
iteration muSt be performed, so the algorithm repeats by 
meaismenrewmemcorsvep 3. If a eycle is detected, it is 


3)5 





resolved, and if the last transaction being waited for is 


Semmeeaceive, the algorithm stops. 


ieee renATION OF THE ALGORITHM 


The operation of the algorithm will be shown by 


Sxecutuing 1+ on the example used in Chapter two. T1 
fueieares €O Site B and locks resource R2. It then migrates 
to site C and locks resource R3. TY locks resource RY at 


een AL this point, the Lock Histories and Lock Tables 


are: 
Sace A Dut as owe. C Sine. Dp 
Gla): Gat. le) ak li): LH(T4): 
{IWC R2B) } {WC R2B), {WC ROB), {WC R4D)} 
IW(R3C) } WCR3C) } 
reRZeoe: [ieee Cu); est B 
T1{WCR2B) } TI{WCR3C) } T4{WCR4D) } 
iow accempts CO acquire resource RY. By step 1, an [IL 


Sreremerceohaced in LH(I1) and in LI(R3) at site C. As there 
naomiominmcencion Locks in LI(R3C), the WFS from site C is 
S@iiveeucd (at this point in time, none exists), and an agent 
pemetcmermeaced at Site D, with IT1 "bringing" LH(T1): 
{WCR2EB), WCR3C), IWCR4YD)}. Site D now applies step 2B1, and 
plac oomegemlemenery in LICR4D) and LH(T1). Then it executes 
step 2Be by combining the Lock Histories of T1 and T4. No 
Sictmeceagemuotaca, DUt as T4 is Still active at site D, the 
DDelscmeowopped. The current status of the Lock Tables and 


beck Histories is: 


56 . 





Site A Site B Site C Site D 


ne 11): Glee: Ee al ee te andl) )<2 
{IWCR2B) } iWERZB {WC(R2B), {WC(R4D)} 
IW(R3C)} W(R2C), LH(T1): 
IW(R4D)} {Ww(R2B), 
WCR3C), 
IW(R4D) } 
EVGk2e lt Ree): PGR e 
T1{W(R2B)} TI{WCR3C), TH{W(R4D)}; 
IWCRYD) } Ti{IWCR4D) } 


T4 now determines that it needs to write into resource R32. 
immcoeenes Step | and places IL entry in LH(T4) and LICR4D). 
The Loek Table for RH is now LTC(R4YD): TH{WCR4HD) ,IW(R3C)}; 
Pirewcn4D)}, and the Lock History for T4 is now LH(T4): 
IWORHD), IWC R3C)}. It sees in LT(RYD) that T1 is waiting 
aeoreeso it combines its Lock History with Tits. This 
reflects the cycle T1--=>T4-->T1, so a deadlock has been 


detected. 


an 4 





J ePaNAGY StS OGe ine FROPOSED ALGORITHM 


The operation of the proposed algorithm was shown in the 
icicoee enapter. imac toc An uene ew eanwetntionmal proof of 
Ponmeceness Of the algorithm will be presented, and then the 


algorithm will be analyzed for robustness and efficiency. 


Pee oRMAL PROOF OF CORRECTNESS 

In general, a deadlock cycle can have many different 
topologies. For the model of transaction execution used in 
the proposed algorithm CUbl ele Ele Lele om agents og 
transactions), these different topologies can be loosely 
Meewocan!nvo four categories. Category A involves local 
feadwmwoeks in Which all the resources and transactions 
Involved in the deadlock are local, 1.e., located at one 
Eeeenmaia caus the transactions involved not have locked any 
resources at other sites. Category B 1s the same as 
category A, with the exception that the transactions are 
Memeocatwumr.ec., they may have locked resources at other 
Sites. Deadlock cycles in category C are cycles involving 
Only one transaction and one resource at each of two sites. 
PaAveeOG yl toa generalization of category C deadlocks; any 
number of transactions and resources may be involved at) any 
number of sites. For each category, it will be shown that 


the algorithm detects all possible deadlocks in Gibha © 


56 





Season y, and that the algorithm does not detect "false" 
deadlocks except in the case where a transaction which was 
mivolved ina deadlock has aborted, but its agents have not 
vet been notified. This will be done both LOr an 
environment of no errors, and in an environment of the types 
eeewerrors discussed in Chapter two (lost messages and single 
seete, failures. ) 

If all the transactions and resources involved in a 
deadlock are located at the same site and none of the 
transactions have locked resources at other sites, each 
Meimedetion’s Lock History will be an accurate and complete 
mmcaeemoer or the locks placed by that transaction. If the 
feaemocamecvyele length is two, the combination of the Lock 
Histories in step 2B2 (level 1) will detect the cycle. ihe 
the length of the cycle is greater than two, step 2B6 (level 
2) will combine, for this category of deadlock cycles, the 
PoM@m~enistOries of all the blocked or inactive transactions 
at the site. This information will be a complete and 
jecunraveweclOpal snapshot of the deadlock cycle, and hence 
the deadlock will be detected. 

Deadlocks in the second category are those in which all 
Ule=wrantsadcwrens and resources involved are at one site, but 
the transactions involved may have locked resources at other 
Sites before creating the agent at this site. The argument 
to snow that all deadlocks in this category will be detected 


by the proposed algorithm is essentially the same as the one 


a9 





HSedm@ior the first category. Since all the transactions 
iMmereved sin the deadlock are currently at this site, their 
ESekeiistories are complete and accurate in so far as they 
pertain to the deadlock cycle. It is possible, in the case 
memconcurrent execution of a transaction's agents, for an 
agent involved in a deadlock to be unaware of resources 
meexed by other agents of that transaction which are 
Sesemicving concurrently, and will probably stall be active. 
The only difference between this case and the preceding is 
ea@aue the  WFGS constructed by steps 2Be and 2B6 may contain 
momen mation=about other locks held by the transactions 
mvohyed put tne information concerning the deadlock cycle 
Will be present. 

Deadlocks in the third category will be detected by 
level 1 because a single Lock Table at each site holds 
suerte octent information to detect a deadlock cycle. If the 
migrations occur simultaneously, the "Next" field of the 
Lock Table of the requested resource would snow an Intention 
[Coek on the other resource, and this cycle would be detected 
mes teo cae LE@the migrations oeeurred™ sequentially, the 
second eransaction would, before migrating, place an 
Pmeenciomes Leck in the Lock Table of its last locked 
resource. The level 1 check of step 1B would cause a WFG to 
be constructed which would reveal the deadlock cycle. 

The fourth category of deadlock cycles is 2 


femepalizeaevone of the third. beedloek- cycles gin this 


60 





category may involve any number of transactions and 
Meseounees “at “any number of Sites. A record is always kept 
Serene Site to which a transaction has migrated (in “the 
"Next" field of it's last locked resource at the current 
site.) If level 2 cannot detect the cycle in step 2B6 with 
information at that site, level 3 causes a WFS containing 


mies Site's information to be sent to the site to which the 


transaction has migrated. Steps 3 and 4 cause this process 
Mo be continued, with each Site adding additional 
information, until a site contains enough information to 


detect a deadlock cycle or determine that no deadlock 
exists, regardless of the number of migrations made by a 
Erans@evtion. 

| False deadlocks are an anomaly where a non-existent 
deadlock eyerle is detected by a deadlock detection 
wezoritmm, and are usually a result of incorrect or obsolete 
mit OfmMat von. Since the proposed algorithm uses only the 
PaeeSsrecooy Of a transaction's Lock History for deadlock 
Gemeceltonmpuraoses, the information used cannot be incorrect 
in the sense of invalid entries, although it may be 
incomolete. tees Sneans that a vamtenrer graph constructed 
Meome ineomplete versions of Lock Histories may nave 
Micomitriterent saintormation to deteet a deadlock at that 
particular level of detection activity or iteration of level 
eM@ree actavity, but Lt will not have incorrect information. 


Maen a transaetion which has agents at two or more sites 


61 





commits or aborts, however, it is possible that the commit 
Or abort messages to other agents of that transaction may be 
delayed. Obviously, a transaction which is ready to commit 
cannot have any of it's agents in a blocked state (and 
PnAerefore in a possible deadlock condition), so its agents 
Gan either be only active or inactive. While inactive 
agents may be being waited for by agents of other 
maaisdelions, mo Lock History or Lock Table can show that an 
agent of the transaction which is about to commit is waiting 
Porsanouner transaction, so no false deadlocks can exist. 
inMicmerore Only tne possibility of a tranSaction which is in 
the process of aborting and thus causing a false deadlock to 
be detected must be considered. Suppose an agent of a 
transaction decides to abort, but before its abort message 


reaches another agent of that transaction, a deadlock is 


Beumcmrnvolving that transaction. Tecnnically, this could 
be eonsidered a false deadlock, since one of the 
transactions involved has aborted, probably breaking the 
deadlock cycle. If the deadlock cycle 1s complex, and the 
proposed algorithm is performing level two or three 
pewmect Mon mactiVvVity, the delays introduced in steps 2B4 and 
2B6c should allow the abort message to arrive. For the very 


rare occurences where the abort message does not arrive, it 
would probably be more efficient to let the deadlock 
detection algorithm resolve the (false) deadlock rather tnan 


Mew ides cnhesaleorithm perform some explicit action (such as 


62 





delaying before resolving any detected deadlock cycle) each 


Cime it detects a deadlock. 


Peer pUoTNESS ANALYSIS 

bevel one of the proposed algorithm appears to take a 
pessimistic view concerning the occurrence of deadlock by 
e@eeking for it any time a remote resource is requested, or 
a local resource is not available. The author believes that 
the cost involved in this simple check is negligible when 
compared to the cost of creating agents when they are 
certain to become deadlocked, even when the probability of 
GSeeadlock is ’4as low aS reported in [Ref. 9]. Since cycles of 
. length three or more are very rare, however, it is 
advantageous to assume an optimistic viewpoint toward their 
occurence. Thus a greater cost can be expended in checking 
menmeenem if We wait Until the probability of their existence 
oemicn figher. 

The robustness of the proposed algorithm can be compared 
tO that of the algorithms analyzed in Chapter three by 
executing it on the example used for that amen yois. 
Additionally, for a more thorough demonstration of the 
SPeoravtoumwor sume algorithm, the actions taken by each step 
Will be shown. 

teeemiiem: Tameransaction 11 at Site A requests resource 
RE. Srcpminepieces an IW (intention Write) lock in LH(T1). 


PicCemlecurrently holds no resources, no Lock Table entries 


63 





gem meaes, and step |B as skipped. Step 1C causes an agent 
Previewhtn Lathi):IW(R2B) to be created at site B. At site 
PPecvepee 1S applied. R2 is available, so the Write Lock is 
epaeced in LI(R28) and in LH(T1) at site B. At time te, TH 
requests R4, which is local. Step 2A is applied by site D, 
ema, tne Write Lock is placed in LH(T4) and in LT(CR4HD). At 
mimcmrees, ©) dt Site B requests R3. Step 1A places an IW 
Pecwmeomecn minwvnies Next" field of Ti’s entry in LI(R2B), and 
ie lait 1). HGmQener weceansaetions are waiting for R2, so 
Sep oeecauses an agent of Tl with LH(T1):WC(R2B),IWCR3C) to 
Memrecreacecd sat Site C. At site C,; R3 is available, so step 
2A places the lock in LT(R3C), and modifies the IW(R3C) 
pai aveeeomnAtnsC) in tne copy of LH(T1) at site C. 

memume tse j requests R42) Site © applies step iA and 
Beeees oan IWCRHUD) in gthe “Next” field of Ti's entry in 
meensecoyeand in LH( Tt). Since no transactions are waiting 
Orr Roemeeotce © causes an, agent or Tl with LH(T1): 
WCR2B) ,WCR3C) ,IWCR4YD) to be created at site D. At site OD, 
fomeromicwmavallable, so step 2B places an IWC R4D) entry for 
iieetirenee  amdein LHCT1). ASWEG is constructed from tne 
Boece rrstertes Or fl and T4. “No cycles are detected, and T4 
Cwreeneenacmemem lock on R4) is still at site D and active, so 
deere <nmeGdeweerron activity stops. Figure 8 shows the 
SVvovuUsMemmcmipnooriate Lock Tables and Lock Histories at all 


POUT SlUtes ae thiis time. 


64 





ScewaA Site B SiLibe=C oaee D 


Peer |): luca ap) PEGte |) : Pane): 
{IW(R2B) } iWOR2 BB), {WC R2B), {WCR2B), 
IW(R3C) } WCR3C), WCR3C), 
ane) IW(R4D) } IWC R4D) } 
TI{WCR2B), els C): LH(T4) :{WCRA4D) } 
IW(R3C) } Te WG 3. yes LTC R4D): 
IWC R4D) } T4{WCRA4D) }, 


T1{IWCR4D) } 

igo = stavuss for proposed algorithm 
Now at time t6, T4 requests R3. Site D applies rule 1A 
Soeepbacing an IW entry in LH(T4) and in the “Next” field of 
ome, oer OR4). lt notices that IT] is waiting for R4, 
Pome Gs els COnstruected tsing the Lock Histories of T1 and 
T4. This graph is shown in Figure 9. As can be seen, a 


deadlock 1s detected. 


J 
R4 R3 R2 
Pig. 9 -- WFG reflecting deadlock cycle 


In this example, no messages were used specifically for 
the deadlock detection, so the effect of a lost message on 
the DDA cannot be examined. Since three of the opreviously 
analyzed algorithms did require separate DDA messages, 
however, this algorithm is therefore less susceptible to 
this type of failure. If one of the messages which created 


an agent were lost, no deadlock would have occured. 


65 





since agents are created at the sites where the required 
resources are located, and level one detection activity is 
Vemeemmedwany time a resouree is requested, this algorithm 
allows only sites of type b and d which were discussed in 
Biaower three. Type b sites are those which have a 
transaction involved in a deadlock and the site is involved 
in detection, and type d sites are those which have a 
resource involved in the deadlock and the site is involved 
WimememoobectlOm. In tact, fer the version of the proposed 
algorithm presented in Chapter four, these two types are the 
Same (a site involved in detection will have both a 
transaction or agent and a resource involved.) The timing 
and location of a single site failure will determine the 
Deeavylos of the algorithm. If sites A, B or C failed before 
Seeatine agents at B, C and D respectively, no deadlock 
Would result. If they failed after having an agent created 
at the next site, deadlock detection activity would not be 
affected. If site D failed before an agent for T1 was 
created, no deadlock would be created. If it failed after 
creating the agent but before the deadlock was detected, it 
NOUtdsneGunaetect the deadlock, but the site failing would in 
a sense break the deadlock. 

It appears that this version of the proposed algorithm 
Pom—acCacemmeas | fODUSt as tne Tsal=Belford algorithm, and 
more robust than the other three algorithms analyzed, for 


the example used. Because of the three levels of detection 


66 





activity in the proposed algorithms, inter-site messages for 
deadlock detection are only used for deadlock cycles of 
length three or greater, and depending on the topology of 
the deadlock cycle, messages are not even required for many 
@f those. In the majority of deadlock occurences, then, 
even this least robust version of the proposed algorithm 
Gewears CO ~9e More robust than any of the published 


algorithms analyzed in Chapter three. 


Ce cenrORMANCE SANALYSIS 


hemmeedie@ckK Seme efiitewency {in terms of inter-site 
messages) of the algorithm, it was executed on several 
deadlock scenarios. The algorithm of Obermarck [{Ref. 1] was 
also executed on these scenarios. Obermarck's algorithm was 


chosen for this comparison because it is being implemented 
in IBM's developmental distributed database system, System 
Poeemolnee the majority of deadlocks which will occur will 
Demon Meene ot) —tWO Or three, three test cases involving 
deadlock cycles of those lengths will be used for the 
GComoarilson. It is assumed that the transactions” are 
Menem wor@gered 11 < T2 < T3, for Obermarck's algorithm. 
These cases are shown in Figure 10. T1 originated at site A 
Suelo uwdamamhe@~non Ri, and T2 originated at site 8B and 
iotdsmculicGciowomene. in cases two and three, T3 originated 
jemsivcmeonmanadmmolds a lock on kK3. In case one, Tl has 


migrated to site B and requested R2, while Te has migrated 


on 








Dom vems and requested Ri. In case two, T1 has migrated to 
site B and requested R2, T2 has migrated to site C and 
meqvestedshs, and 13 haS Migrated to site A and requested 
Role In case three, T1 has migrated to site C and requested 


R3, Te has migrated to site A and requested R1, and T3 has 


migrated to site B and requested R2. 





Site C Site C 


Case 1 Case 2 Case 3 


Fig. 10 --j{ Deadlock cycles used in performance analysis 


For case one, where the deadlock cycle is of length two, 
the proposed algorithm requires no additional messages for 
deadlock detection, while Obermarck's algorithm requires one 
message. For case two, with a deadlock cycle of length 
three, Obermarck's algorithm requires one message. Tae 
number of messages required oy the proposed algorithm is 
dependent on the timing of the transaction migrations. Tf 
the migrations occur at different times, no messages are 
required. If, however, the migrations happen to occur 


SeavievamiceWisy omy SLX messages are required. A similar 


68 





Seuation occurs in case three. Me the wileracreons OCCuUr 
Simultaneously, six messages will be required. If they 
occur at different times, however, no messages are required. 
Obermarck's algorithm requires two messages. 

It 18S apparent that in the majority of cases (since 
cycles of length two are more common than those of length 
three), no messages are required for the proposed algorithm. 
The worst case scenario for the proposed algorithm, however, 
Pomormeitricantly worse than Obermarck's, for the version of 
the proposed algorithm presented here. If Obermarck's 
Optimization were used with the proposed algorithm, it would 
never need more messages than Obermarck's algorithm, and 
would usually require fewer. 

iicmamounc of time used in level one activity is 
fenedcare ss stnmee only a single resource's Lock Table is used 
Mem@ecermine the Set of tranSactions whose Lock Histories 
must be combined. Even with level two, the time required to 
Semevepuerea WrG USing all Wait For information at a site 
SuCulemm paces no longer than the construction of a WFG in 
Spemmagem cmaleorithm. In [Ref. 1], Obermarck does not 
PeaseusscmemomeommT accCOrs which trigger deadlock detection, but 
for this analysis, it is assumed that it is triggered X 
Upmesmonmemmemanter a transaction waits for a resource. His 
algorithm constructs a WFG at each iteration of the deadlock 
detection cycle, regardless of the potential size of the 


cycle. Since the proposed algorithm performs a comparable 


69 











construction only when cycles of length two have essentially 
been eliminated as a possibility, it appears that the 
proposed algorithm will require less time to execute 


whenever it is invoked. 


70 





Vie CONCLUSIONS 


The proposed algorithm has been shown to be at least 
competitive with existing algorithms for deadlock detection 
in distributed computing systems. The proposed algorithm is 
more efficient at detecting the majority of deadlocks which 
can occur than the other deadlock detection algorithms 
analyzed. It's performance is worse, however, for those 
deadlock cycles of length three or greater which are caused 
by Simultaneous migration of all the transactions involved. 
Inasmuch as deadlock cycles of length three or more are 
come mand tie probability of all the transactions involved 
migrating simultaneously appears to be low, this extra cost 
should be neglibible when compared to the savings caused by 
Bicmautenrunm tor the majority of deadlock cycles. If it is 
felt necessary, an Sp eams Zation scheme Similar to 
Ssemmenrck Ss lexical ordering of transactions [Ref. 1] could 
be included in step 3B, but this requires a global mechanism 
fopmemaecring ali transactions ina system. 

The proposed algorithm has been shown to be more robust 
than the other algorithms analyzed, primarily because it 
very rarely uses inter-site messages for deadlock detection, 
and because of the model of transaction execution it 
assumes. Resources can only be locked by agents at that 


site, and hence a resource cannot be permanently locked by 


ial 





virtue of the site where the transaction which holds the 
HOCK tsstOCated failing. A site failure with this model of 
transaction execution wil break the deadlock. 

The proposed algorithm can be modified by combining 
levels one and two, if the number of resources” and 
transactions in the system are small, and therefore the cost 
Srechcaulne WhG's at leveleewould be comparable to the cost 
SuwulcmlevcMmlaWwiG CONnStruction. Ihe cost of construction 
of the WFG's used by the algorithm could be saved by not 
SCOnstruceine them at all, but merely examining the WFS's and 
Lock Histories, since all required information is contained 
in them. Miemecevays Wilen Wave been bullt-in to the 
algorithm can be adjusted empirically to determine the 
Cpetmumeaetays fOr a particular implementation. 

Peeesmeonciuded that the proposed algorithm as presented 
Mieco eet mr Our 1s more robust and efficient than existing 
deadlock detection algorithms for distributed computing 
systems, and that its performance can be made even better 
Virtimiommnoadtiicatrons. It 1s also a good basis for more 
major modifications such as having level 3 detection done by 


ieee oem Gren Of the transactions involved. 


(2 





Li SI MOR eRe heENCES 


IBM Research Division Research Report RJ2845 (36131), 


Global Deadlock Detection Algorithm, by R. Obermarck, 
June 1980. 


Tandem lechamcal Report TK61.3, The Transaction Concept: 
heaves mandmetmitabtomse oy J. Gray, June 1961. 


Massachusetts Institute of Technology Technical Report 


TR=MIT/LCS/TR-185, Deadlock Detection in Computer 
Networks, by B. Goldman, September, 1977. 


IBM Research Division Research Report RJ2188(30001), 


licmeomOn laud Sease Operating Systems, by iJ. Gray, 
February, 1978. 


Memeaseceyme>. ands Muntz, &., "Locking and Deadlock 
Detection in Distributed Data Bases," JEEE Transactions 


on Software Engineering, v. SE-5, No. 3, p. 195-202, May 
1979. 


tstoor, oOo. and Marslaitd, T., tite ot tecrive _'’On=-lLine’ 
Deadlock Detection Technique for Distributed Data Base 
Management Systems," Proceedings COMSAC, p. 283-288, 
1978. 


Gemetowmy . and shattuck, S., “On Deadlock Detectlon in 
Drseripuced Systems," [EEE Transactions on Software 
Engineering, v. SE-6, p. 435-440, September 1980. 

teeaeeeand Belford, G., "Detecting Deadlock in a 
Distributed System," Proceedings INFOCOM, 1 April 1982. 
Cea eeecemomad. ) f., Korth, H. and &. Obermarck, "A 


Sumaveeitan Analysis of the a of Waiting and 
Deadlock in a Distributed Database ystem, ' paper 


presented at 5th Berkeley Workshop, February 19381. 


13 





PVE ees tiee Bor LON LIST 
No. Copies 


Wetensce Lecnnatcal intormacion Center 2 
Cameron Station 
Alexandria, Virginia 22314 


Piomany- code O 142 2 
Naval Postgraduate School 
Monterey, California 93940 


Department Chairman, Code 52Bz ] 
Department of Computer Science 

Naval Postgraduate School 

Monterey, California 93940 


Dushan Badal, Code 522d 2 
Department of Computer Science 

Naval Postgraduate School 

Monterey, California 93940 


William Shockley, Code 525p ] 
Department of Computer Science 

Naval Postgraduate School 

Monterey, California 93940 


bebhemaehacel T. Gehl, USN 2 
Box 436 
Dow City, Lowa 51528 


CAPT rerer Jones, USMC 1 
Marine Corps Central Design and 
Peoguamming ACLIVItTY 
Marine Corps Development and 
Education Command 
Suamemeo,e virginia 22134 


CDR Geir Jevne 1 
Sr ers 

Naval Postgraduate Scnool 

Monterey, California 93940 


74 














Thesis 
G258 
Cul 





Gehl 
Deadlock detection 
in distributed comput- 
ing systems. 





